Recently, I passed my 3rd AWS Certification i.e. AWS Certified Security Speciality Certification. It was one of the hardest AWS exams I completed till date.
Exam Preparation :
Listed below are the resources I used to prepare for SCS-C01 exam :
- Exam Guide : Quite useful to familiarize yourself with the exam structure, sections and topics. AWS Certified Security–Specialty(SCS-C01) Exam Guide
- Training : I used Linux Academy and Udemy courses. LA course is bit old but covers basic concept. Udemy courses are quite useful .
- Study Guide : I used Packt Security Specialty Exam guide which covers lot of useful scenarios, practical examples and use-cases. Reference: https://www.packtpub.com/cloud-networking/aws-certified-security-specialty-exam-guide
- Practice Questions : Practising for all exam topics and areas is critical. AWS offers practice exam also . In addition, I used whizlabs.com which is very thorough and provides explanation and details.
- AWS Documentation : Very throrough documentation provided by any service provider. Don’t miss the FAQ regarding each service (especially for KMS, IAM, VPC). Reference : https://aws.amazon.com/faqs/
- AWS Re-Invent Videos : I highly recommend going through these videos, as they will give you enough in-depth knowledge about each service. Reference: http://aws-reinvent-audio.s3-website.us-east-2.amazonaws.com/2019/2019.html
- AWS Exam Sample Questions : I recommend going through AWS Exam Sample Questions to get yourself acquanited with exam structure and level of difficulty. Reference: AWS Sample Questions
Key Technology Areas :
Understanding some of the topics is extermely critical , so focus in depth on those:
- KMS , CMK etc.
- IAM roles
- All kind policies (key policies, IAM policies, bucket policies etc.)
- VPC Security esp VPC flow logs,
- Container / EKS Security
- CloudTrail , CloudWatch logs
- AWS Config, AWS Inspector and related services
- Cloud Front, AWS WAF, Systems Manager etc.
Know the Domains/Services :
AWS Identity and Access Management (IAM):
Needless to say, Identity and Access Management is at the heart of Security. Its AAA in Cisco/Traditional sense and is most vital for securing access to your cloud resources. You should know IAM inside/out.
- Know the IAM policies, rules, users and groups.
- Learn how IAM roles differ from resource-based policies
- Understand the difference between AWS Managed Policies, Customer Managed Polices & Inline Policies.
- Take note of how user-based policies differentiate from resource-based policies
PreSigned URLs:
- Know the purpose of S3 pre-signed URLs and how they differ from CloudFront pre-signed URLs
- Learn when you can use CloudFront Signed URLs vs Signed Cookies
- Know how to leverage OAI to restrict access to S3 content
Amazon Cognito:
- If you are familiar with Auth0 service, Amazon Cognito is a similar service which helps you authenticate web/mobile apps users.
- Learn how to differentiate between Cognito User Pools from Identity Pools and scenarios in which to leverage each
Final Note:
Security Speciality exam is quite hard exam as it requires you to know in-depth about different AWS services and their use-cases.
Good Luck !
Certification Verification Link :
Tariq Sheikh has been working in IT industry for 15 plus years He is a dual CCIEx26141 with Security,Collaboration and Data Center as his specialities as well as 4xAWS Certified . He is based in Dubai,UAE and his areas of expertise include Data Center technologies, Networking, Security and AWS solution architect
